The following procedure guides you through the process of automating managed SharePoint Workspace account configuration for SharePoint Workspace users in your organization. This process can be applied to new SharePoint Workspace clients and to clients that have existing unmanaged SharePoint Workspace accounts. For more information about converting unmanaged accounts to managed accounts, see Migrating SharePoint Workspace users to Groove Server Manager.

Log on to the Groove Server Manager administrative Web site, open to the Identity Policy template assigned to the relevant user group, and then verify that the Member Policy for scheduling SharePoint Workspace account backup is enabled.

Update the registries of SharePoint Workspace clients with the name of the Groove Server Manager. The recommended method for doing this is to use an Active Directory Group Policy object (GPO), as follows:

Update the GPO template to include the fully qualified domain name of the Groove Server Manager Web site.

Assign the GPO template to the appropriate user container in Active Directory. The registry on SharePoint Workspace clients will be updated with the following key: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\Groove\Manager\<servername>

where <servername> is the fully qualified domain name for Groove Server Manager and the SSL certificate associated with the management server Web site.

On the server that hosts your Groove Server Manager Web site, use IIS Manager to do the following:

Add the certificate for the Groove Server Manager Web site to the Server Certificates store.

Configure the Groove Server Manager Web site for secure communications by right-clicking it, selecting Edit bindings…, and then defining the 443/TCP SSL port for HTTPS.

Ensure that the correct Authentication is enabled for your Groove Server Manager system by opening the Authentication page for the management server and specifying the following authentication settings for each Web-site level:

Groove Manager Web site: Anonymous Authentication

/AutoActivate: Windows Authentication

/GMSAdmin: Windows Authentication

/GMSClient: Anonymous Authentication

/GMSClient/Secure: Windows Authentication

/GMSConfig: Anonymous Authentication

Ensure that SSL is enabled for Groove Server Manager by opening SSL Settings for the following site levels and enabling Require 128-bit SSL:

/AutoActivate

/GMSAdmin

/GMSClient/Secure

Ensure that members for which you are configuring a new SharePoint Workspace account have a ‘pending member’ status in the Members list. Ensure that members for which you are restoring an account have an ‘active member’ status. Account auto-configuration and restoration require will not function for users who have an incompatible status.

Allow time for the Manager server to synchronize with Active directory or start the Groove Server Manager Directory Integration service to expedite synchronization.

When Active Directory and Groove Server Manager have been synchronized and a new user logs on to SharePoint Workspace, Groove Server Manager compares the user’s logon information with the imported Active Directory account name and if the information corresponds, automatically configures a managed account or restores the backed-up on the client. The user will be subject to management domain policies and Relay servers assigned to them in Groove Server Manager.

Test your account auto-configuration setup for a new member as follows:

On a client computer for which no previous account configuration has been attempted, start SharePoint Workspace for the first time. The Account Configuration Wizard opens briefly, followed by the SharePoint Workspace Launchbar.

From the SharePoint Workspace Files menu, select Info/Manage Account, select Account Preferences, and then click the Account tab. The Manager server name appears to the right side of the local computer name.

From the Groove Server Manager, select Members or another group and confirm that user status has changed from ‘pending user’ to ‘active user’.

Test your account auto-restoration setup for a member as follows:

Confirm that the member account was backed up by checking the management domain’s Member Activity report on the Groove Server Manager.

On the member’s client computer for which no previous account configuration has been attempted, log on as the member and start SharePoint Workspace for the first time. If a backed-up account exists, the SharePoint Workspace Launchbar appears.

Note

Log on to Active Directory if prompted to do so, as determined by the network topology and domain membership.

Confirm that the workspaces and contact list appear as expected and check the user account settings, available from the File menu to confirm that the correct Manager server name appears to the right side of the local computer name.